Posted by: Robert Vamosi
Post date: 6/14/2006
After the release of Yamanner worm, researchers at SANS Incidents.org posted a warning that new exploits will use JavaScript and Ajax-like behavior to spread in the future. More troubling is this statement: "After testing several popular Web applications, we have found that several are in fact vulnerable to the very same type of exploit." The researchers will be contacting the affected vendors privately. There's also a report that the author of the Yamanner worm contacted various security companies looking for work. Of course, the individual (who may not be the worm's author; he offered no evidence to support his claim) was turned down.